On Tue, Dec 11, 2018 at 10:04:34AM +0100, Kashyap Chamarthy wrote:
On Mon, Dec 10, 2018 at 04:53:27PM +0000, Daniel P. Berrangé wrote:
The virt-pki-validate tool is extracting components in the x509 certificate Subject field. Unfortunately the regex it is is using is far too strict, and so truncating valid data. It needs to consider ',' as a field separator, and if that's not there take all data until the EOL.
[...]
--- tools/virt-pki-validate.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in index b04680ddef..c3fadbba64 100755 --- a/tools/virt-pki-validate.in +++ b/tools/virt-pki-validate.in @@ -201,14 +201,14 @@ then echo Client certificate $LIBVIRT/clientcert.pem should be world readable echo "as root do: chown root:root $LIBVIRT/clientcert.pem ; chmod 644 $LIBVIRT/clientcert.pem" else - S_ORG=`"$CERTOOL" -i --infile "$LIBVIRT/clientcert.pem" | grep Subject: | sed 's+.*O=\([a-zA-Z \._-]*\).*+\1+'` + S_ORG=`"$CERTOOL" -i --infile "$LIBVIRT/clientcert.pem" | grep Subject: | sed 's+.*O=\([^,]*\).*+\1+'`
Unrelated to this patch, nit-pick: s/S_ORG/C_ORG/ here? Because we use 'S_ORG' further below in the script for server certificate.
Yes, that's a harmless mistake but i'll push a trivial patch to rename it. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|